Vulnerabilities > Python > Pillow > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Severity | CVSS score |
|---|---|---|---|---|---|---|---|---|---|
| 2022-05-25 | CVE-2022-30595 | Out-of-bounds Write vulnerability in Python Pillow 9.1.0 | libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. | network | low complexity | python | CWE-787 | critical | 9.8 |
| 2022-03-28 | CVE-2022-24303 | | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | network | low complexity | python fedoraproject | | critical | 9.1 |
| 2022-01-10 | CVE-2022-22817 | | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | network | low complexity | python debian | | critical | 9.8 |
| 2021-07-13 | CVE-2021-34552 | Classic Buffer Overflow vulnerability in multiple products | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | network | low complexity | python debian fedoraproject | CWE-120 | critical | 9.8 |
| 2021-06-02 | CVE-2021-25288 | Out-of-bounds Read vulnerability in multiple products | An issue was discovered in Pillow before 8.2.0. | network | low complexity | python fedoraproject | CWE-125 | critical | 9.1 |
| 2021-06-02 | CVE-2021-25287 | Out-of-bounds Read vulnerability in multiple products | An issue was discovered in Pillow before 8.2.0. | network | low complexity | python fedoraproject | CWE-125 | critical | 9.1 |
| 2021-03-19 | CVE-2021-25289 | Out-of-bounds Write vulnerability in Python Pillow | An issue was discovered in Pillow before 8.1.1. | network | low complexity | python | CWE-787 | critical | 9.8 |
| 2020-01-03 | CVE-2020-5311 | Classic Buffer Overflow vulnerability in multiple products | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | network | low complexity | python debian canonical fedoraproject | CWE-120 | critical | 9.8 |
| 2020-01-03 | CVE-2020-5312 | Classic Buffer Overflow vulnerability in multiple products | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | network | low complexity | python canonical debian fedoraproject | CWE-120 | critical | 9.8 |
| 2016-04-13 | CVE-2016-4009 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Python Pillow | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | network | low complexity | python | CWE-119 | critical | 9.8 |